Warriors Turn Cyber Warriors…

A recently established non-profit organization aimed at providing career training for returning veterans and wounded warriors has graduated its first class. Security provider Lunarline and Echo360, an active-learning and lecture-capture provider, announced that the first group of Warrior to Cyber Warrior (W2CW) students has completed training.

W2CW pairs employers with newly trained cybersecurity professionals once they complete a free six-month security training and certification program. The program is offered exclusively to military veterans and wounded service members who want help developing the skills needed to move from the military to private-sector employment, and it also helps meet the growing demand for security experts.

The W2CW program includes:

Certified cyber security training

Professional certification

Security clearance for government initiatives

Internship in the cyber security field

Job placement upon completion of the program

“The remote learning coupled with the camaraderie within the cohorts provides a certain ‘ease-of-use’ that cannot be found or replicated in other programs,” said W2CW graduate and veteran Jack Keck, who said he is “glad to have had the opportunity to graduate from W2CW and [is] looking forward to participating as an alumnus in their future success.”

Modern Malware Evading Antivirus Software…

Security provider Palo Alto Networks has released the first annual Modern Malware Review (.pdf – no registration required), which provides a glimpse at “new and evasive malware” and how it behaves on enterprise information networks.

Among the findings is that traditional antivirus products are having more and more difficulty identifying the majority of new malware strains, many of which reach systems through real-time applications such as web browsers. The latest generation of malware employs ever more crafty detection-evasion techniques, creating a real headache for AV vendors and their customers.

“It’s not enough to simply detect malware out there that is evading traditional security,” said Wade Williamson of Palo Alto Networks. “That’s what the Modern Malware Review is signaling – analyzing undetected malware in real networks has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed.”

Key findings in the report include:

94 percent of the fully undetected malware found on networks was delivered via web browsing or web proxies.

70 percent of malware left identifiers in their traffic or payload that can be used by security teams for detection.

40 percent of seemingly unique malware are actually repackaged versions of the same code.

FTP is a highly effective method for introducing malware to a network: 95 percent of malware delivered via FTP went undetected by antivirus solutions for more than 30 days.

Modern malware is highly adept at remaining undetected on a host device. The review identified 30 different techniques for evading security and more than half of all malware behaviors were focused on remaining undetected.

Malware developers have long used evasion techniques such as user-activity checks that keep malicious code dormant until the operating system reports input generated by a real person, such as mouse movement or a keystroke.

Because the sandboxes and other virtual environments that AV companies use to analyze millions of code samples every day have no human at the keyboard or mouse, such samples never detonate during analysis, and a growing number of malware varieties are not being cataloged for inclusion in signature updates. The review identified more than 26,000 unique malware samples on the networks surveyed. We can expect more of this to come.
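The user-activity gate described above, as an added example that is not from the Modern Malware Review or from this page. It is a constructed simulation: the gate reads a list of sampled (cursor x, cursor y, keystrokes so far) tuples instead of polling the operating system, so it runs anywhere, and the three "sandbox" functions stand in for analysis environments that supply no input at all, only jiggle the cursor, or synthesize a short interactive session. The sample count, thresholds and screen coordinates are assumptions.

```python
"""Simulation of a 'wait for the human' sandbox-evasion check and the
countermeasures an analysis environment can apply.  Constructed example:
a real sample would poll the OS (cursor position, key state) rather than
read a list of samples."""
import random


def user_activity_gate(samples, min_moves=5, min_keys=1):
    """Return True (i.e. 'detonate') once the sampled desktop state looks like
    a person is present: at least `min_moves` cursor moves between consecutive
    samples AND at least `min_keys` keystrokes.  Each sample is (x, y, keys).
    Malware that calls this before unpacking its payload stays dormant in a VM
    where nobody touches the mouse, so the analysis run records nothing bad."""
    moves = 0
    prev = None
    for x, y, keys in samples:
        if prev is not None and (x, y) != prev:
            moves += 1
        prev = (x, y)
        if moves >= min_moves and keys >= min_keys:
            return True
    return False


def idle_sandbox(n_samples):
    """Analysis VM with no operator: the cursor never moves, no keys pressed."""
    return [(512, 384, 0)] * n_samples


def jiggle_sandbox(n_samples):
    """Naive countermeasure: nudge the cursor each tick but never type.
    Passes the movement test, fails the keystroke test, so the sample stays dormant."""
    return [(512 + (i % 2), 384, 0) for i in range(n_samples)]


def interactive_sandbox(n_samples, rng):
    """Better countermeasure: synthesize a short session with a random cursor
    walk and an occasional keystroke (assumed cadence: one key every 7 ticks)."""
    x, y, keys = 512, 384, 0
    out = []
    for i in range(n_samples):
        x += rng.randint(-40, 40)
        y += rng.randint(-40, 40)
        if i % 7 == 3:
            keys += 1
        out.append((x, y, keys))
    return out


def evaluate_environments(n_samples=40, seed=1):
    """Run the gate against each simulated environment.  Returns a dict of
    environment name -> whether the sample would have detonated there."""
    rng = random.Random(seed)
    return {
        "idle": user_activity_gate(idle_sandbox(n_samples)),
        "jiggle": user_activity_gate(jiggle_sandbox(n_samples)),
        "interactive": user_activity_gate(interactive_sandbox(n_samples, rng)),
    }


if __name__ == "__main__":
    for env, detonated in evaluate_environments().items():
        print("%-12s detonated=%s" % (env, detonated))
```

The point for a detection team is the last row: only an environment that fakes a plausible session (movement plus keystrokes, ideally with human-like timing) ever observes the payload, and a sample that passes through a sandbox without detonating should be treated as "not observed" rather than "clean".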

Emerging Threats Report…

The Georgia Tech Information Security Center (GTISC) has released the Emerging Cyber Threat Report for 2013 (.pdf – no registration required), which seeks to draw attention to newly identified developments in the threat landscape that all infosec pros, and the populations they serve, should be aware of.

Key trends identified by the researchers include a rise in vulnerabilities tied directly to the proliferation of mobile technology in the workplace, particularly personal smartphones and tablets that are increasingly used to access corporate networks (BYOD), and the growth of cloud-based services, which has undermined traditional perimeter-defense strategies.

Key issues addressed in the report include:

Information Manipulation:

Information manipulation gives attackers the ability to influence what a victim sees on the Web in a way that survives cleaning the client machine

The act of personalizing search results and news feeds leads to a narrowing of viewpoints, a form of automated censorship

Attempts to increase the uptake of a given viewpoint can be detected based on certain characteristics

Insecurity of the Supply Chain:

Supply chain insecurity is both hard to detect and expensive to defend against

Detecting firmware changes will continue to remain difficult

On an international policy level, supply chain issues will continue to be an intractable problem

Mobile Security:

Malicious and privacy-undermining applications for Android will continue to grow quickly, as cybercriminals use toll fraud and other mechanisms to turn compromised devices into cash sources.

Well-vetted app stores will continue to be a good first defense against malware and have kept infection rates in the U.S. low

Mobile wallets will face further scrutiny and slow adoption until their security is proven

Cloud Security:

The accretion of data in the cloud will provide better-than-average information security, while at the same time offering attackers more attractive targets

Authorization will continue to be the weakest point for cloud data stores

The responsibilities and liabilities of cloud service providers will be resolved in the near future

Companies will need stronger guarantees of security to more widely move their data and business processes to the cloud

Malware Counteroffensives:

The ability of automated systems to handle malware analysis will be compromised by the increasing use of DRM-like techniques for locking malware to infected systems

Attackers are honing their ability to compromise Mac OS X and mobile-device platforms

Domain generation algorithms will increasingly be used to harden botnets but at the cost of stealth
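The trade-off in the last bullet above, resilience bought at the cost of stealth, is easier to see in code. The following is an added example, not part of the GTISC report or of this page: a toy domain generation algorithm (an invented construction, not any real family's algorithm) with the bot's rendezvous loop, followed by the resolver-side detection that the "cost of stealth" refers to. The seed, the day string, the TLD list, the address 203.0.113.10, the thresholds and the DNS log lines are all constructed for the example.

```python
"""Toy DGA plus the DNS-side signal it leaves.  Constructed for illustration:
the generator is invented and the log lines are synthetic."""
import hashlib
import math
from collections import Counter, defaultdict

TLDS = ("com", "net", "info")  # assumption: the toy DGA rotates over these


def dga_domains(seed, day_iso, count):
    """Derive `count` candidate rendezvous names for the day `day_iso`
    (e.g. '2013-03-01') from a seed shared by operator and bot.  The operator
    registers one of them; the bot must try them until one resolves."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(seed + day_iso.encode() + i.to_bytes(2, "big")).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        out.append("%s.%s" % (label, TLDS[digest[12] % len(TLDS)]))
    return out


def bot_rendezvous(candidates, resolver):
    """Bot side: walk the candidate list until one name resolves.  `resolver`
    maps a name to an address or None (a stand-in for real DNS lookups).
    Returns (domain_found_or_None, number_of_queries_made)."""
    for n, name in enumerate(candidates, 1):
        if resolver(name) is not None:
            return name, n
    return None, len(candidates)


def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label."""
    counts = Counter(label)
    total = len(label)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def parse_dns_log(lines):
    """Parse constructed resolver log lines: '<ts> <client> <qname> <rcode>'."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, rcode = parts
        records.append((ts, client, qname.rstrip(".").lower(), rcode))
    return records


def flag_dga_clients(records, min_nxdomain=20, min_nx_ratio=0.8):
    """Defender side.  Per client: count NXDOMAIN answers and the mean entropy
    of the queried second-level label.  A client is flagged when it fails many
    lookups and most of its lookups fail: the burst a DGA bot produces before it
    finds the registered name.  That burst is the stealth the algorithm gives up."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "entropy_sum": 0.0})
    for _, client, qname, rcode in records:
        s = stats[client]
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
        parts = qname.split(".")
        sld = parts[-2] if len(parts) >= 2 else parts[0]
        s["entropy_sum"] += label_entropy(sld)
    report = {}
    for client, s in stats.items():
        ratio = s["nxdomain"] / s["queries"]
        report[client] = {
            "queries": s["queries"],
            "nxdomain": s["nxdomain"],
            "mean_label_entropy": round(s["entropy_sum"] / s["queries"], 2),
            "flagged": s["nxdomain"] >= min_nxdomain and ratio >= min_nx_ratio,
        }
    return report


def demo():
    """Operator registers the 38th candidate; the bot queries until it hits it;
    the resolver log shows the bot (10.0.0.5) next to a benign client (10.0.0.7)."""
    seed = b"constructed-shared-secret"
    candidates = dga_domains(seed, "2013-03-01", 50)
    registered = candidates[37]
    resolver = lambda name: "203.0.113.10" if name == registered else None
    found, queries = bot_rendezvous(candidates, resolver)

    log = []
    for i, name in enumerate(candidates[:queries]):
        rcode = "NOERROR" if name == registered else "NXDOMAIN"
        log.append("2013-03-01T09:00:%02d 10.0.0.5 %s %s" % (i, name, rcode))
    for name in ("www.example.com", "github.com", "windowsupdate.microsoft.com"):
        log.append("2013-03-01T09:01:00 10.0.0.7 %s NOERROR" % name)
    return found, queries, flag_dga_clients(parse_dns_log(log))


if __name__ == "__main__":
    found, queries, report = demo()
    print("bot found %s after %d queries" % (found, queries))
    for client, s in report.items():
        print(client, s)
```

Taking down one registered domain does not stop the bot, because tomorrow's list is different; that is the resilience. But every bot on the network has to fail dozens of lookups for high-entropy names first, and that is exactly the pattern a resolver log review or a DNS-based detector keys on.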

Healthcare Security:

With the move to electronic medical records, the healthcare industry will become more open to threats

Medical staff needs to be educated to better understand how security threats can impact their patients

Allowing patients to retain control of their records, while giving access in emergency situations, is a key challenge

Technology providers need to work with medical staff to provide solutions that do not impact efficiency

“If we are going to prevent motivated adversaries from attacking our systems, stealing our data and harming our critical infrastructure, the broader community of security researchers—including academia, the private sector, and government—must work together to understand emerging threats and to develop proactive security solutions to safeguard the Internet and physical infrastructure that relies on it,” wrote Georgia Tech’s Wenke Lee and Bo Rotoloni.